Why this looks valid
- The “from” field appears to contain a Human Resources Vassar email address.
- The body of the message contains a Vassar logo.
- If you do click on the link (please don’t!) the page that opens looks exactly like Vassar’s Central Authentication System (CAS).
Why this is phishing
- The URL, or link, contained in the message does not link to a known Vassar site.
- Vassar does not normally announce payroll or salary changes in October.
Additional notes
- A phone call to Human Resources would quickly verify if this is a legitimate email. It only takes a few minutes to pick up the phone!
- Report it as phishing to Google. Before deleting the message, make sure to click on “report phishing”.
- A little paranoia goes a long way! Be suspicious of any email messages similar to this one.